• EN
    • DE
  • Login
Consent Management Platform
Consent Management Platform (CMP) Usercentrics
  • ProductsHolistic Consent Management Software
    • Website Consent Management
    • Mobile Consent Management
    • AMP Consent Management (BETA)
    • Smart Data Protector
    • Automatic Privacy Policy
  • Solutions
    • GDPR
    • CCPA
    • CMP for Publishers
  • Pricing
  • Resources
    • Developer Documentation
    • Videos
    • FAQ
    • Knowledge Hub
    • Whitepaper
    • Webinars
    • RFI Template
    • What’s new?
  • Partner
    • Find a partner
    • Become a partner
    • Tech Partner
    • Expert Partner
    • Reselling Partner
    • Referral Partner
  • Company
    • About us
    • Career
    • Press
    • Events
    • Contact
  • GET STARTED NOW
  • Menu
GDPR Opt-inGoogle Analytics & GDPR
June 19, 2020 | 2 min read

First prohibition order due to Google Analytics

Resources
Knowledge Hub
First prohibition order due to Google Analytics

Table of contents

Show more Show less

Collecting data via Google Analytics without obtaining the prior, explicit consent of website visitors? This was possible for a long time but the LfDI Rhineland-Palatinate (State Representative for Data Protection and Information Freedom Rhineland-Palatinate) has now thrown down the gauntlet to website operators who gather analysis data without users’ consent – and has already issued its first prohibition orders.

“Legitimate interest” does not apply to Google Analytics

Citing “legitimate interest” as a legal basis when using Google Analytics according to Art. 6 Paragraph. 1 lit. f GDPR, as has been typical in the past, has been ruled as unacceptable by the LFDI Rhineland-Palatinate in its statement.

The reason is that it cannot be assumed that users visiting a website are aware of their data being evaluated and forwarded to Google. Not even when the IP address is anonymised beforehand. In fact, it must generally be assumed that there is an information deficit on the user’s side.

This means website operators wishing to use Google Analytics or similar web analysis or tracking tools must obtain explicit consent from the users (Art. 6 Paragraph. 1 lit) in order to comply with applicable data protection laws – and in every case before a tracking pixel is loaded.

Google Analytics may only be used with GDPR-compliant consent

Background: Other data protection authorities in addition to the LfDI Rhineland-Palatinate have positioned themselves in recent months with respect to Google Analytics and similar analytical tools. The Bavarian State Office for Data Protection Supervision likewise draws upon the ECJ’s ruling, in its statement from November 2019 dealing with active consent to use cookies.

The prevailing opinion: Non-essential cookies e.g. those for marketing or statistical purposes always require explicit user consent – including for the use of Google Analytics.

What can website operators do?

Website operators wishing to continue to use Google Analytics as an analytical tool must ensure they have prior, explicit consent from users to gather and process their data for this purpose.

The following criteria must be fulfilled for user consent to be GDPR-compliant:

✔ It must be explicit.

⇨ e.g. through the user actively opting in by ticking a box or by sliding a switch.

✔ It must be informed.

 ⇨ The privacy statement must contain information about the use of Google Analytics and cookies.

✔ It must be revocable.

⇨ The user must be able to revoke his or her consent to the use of Google Analytics at any time – and this as easily as the consent was given.

✔ It must be documented.

⇨ Consent must be proven in the event of an audit through a court or data protection authority.

Detailed information about the subject of “GDPR-compliant consent” can be found here.

CONSENT MANAGEMENT MADE EASY

Obtaining, managing and documenting user consent in accordance with the GDPR is a technically complex process. By using a so-called Consent Management Platform (CMP) this process can occur seamlessly and GDPR-compliant – guaranteed.

 

You want to know more about the Usercentrics CMP? Please feel free to contact us.

 

Request a Demo

Related Articles

Google Consent Mode: everything you need to know in 5 minutesGoogle Consent Mode
January 15, 2021
4 min read
Google Analytics & GDPRMarketing & GDPR

Google Consent Mode: everything you need to know in 5 minutes

Use Google Analytics, Google Tag Manager or Google Ads while being GDPR-compliant simultaneously? Don’t think it’s possible? Well think...

Read more about Consent Mode
Usercentrics supports Google Consent ModeGoogle_Grafik
December 22, 2020
1 min read
Google Analytics & GDPR

Usercentrics supports Google Consent Mode

With Consent Mode Google has provided a solution for advertisers to adjust the behaviour of Google tags on their...

Read more
Hello discounts, adieu data protection? – Black Friday and its effects on your Opt-in rates
December 10, 2020
1 min read
GDPR Opt-in

Hello discounts, adieu data protection? – Black Friday and its effects on your Opt-in rates

Black Friday Analysis: Do customers throw caution to the wind regarding their privacy with great offers? Are they more...

Read more

Next Steps

Scan your website

Scan your website

Check your privacy compliance
Request a demo

Request a demo

Schedule for free
Get started

Get started

See our pricing

Legal Update

Always up-to-date: With our legal update, we keep you up to date with the latest trends around data protection.

Products

  • Website Consent Management
  • CMP for Publishers
  • Mobile App Consent
  • Automatic Privacy Policy
  • Smart Data Protector
  • AMP Consent Management (closed beta)

Resources

  • Whitepaper
  • Case Study
  • On Demand Webinars
  • Live Webinars
  • Knowledge Hub
  • RFI Template
  • Videos
  • FAQ
  • Developer Documentation

About Us

  • Who we are
  • Career
  • Press
  • Events
  • Contact

Our Mission

Helping companies to achieve compliance in harmony with their marketing strategy.

Legal

  • Legal Notice
  • Privacy Policy
  • Terms and Conditions

Address

Usercentrics GmbH
Sendlinger Straße 7
80331 Munich
Germany

© Copyright 2021 Usercentrics

This website and all services provided by Usercentrics are not intended for users and companies outside of the European Union, U.K. or Switzerland.

Consent Management Platform – buy or build yourself? Consent Management Platform – buy or build yourself? - Usercentrics Usercentrics - Obtaining user consent: these five tricks are not GDPR-compliantUsercentrics - Obtaining user consent: these five tricks are not GDPR-compliant Obtaining user consent: these five tricks are not GDPR-compliant
Scroll to top